Skip to content

feat: expose sessionIndex on AuthnResponse#3

Merged
william-suppo merged 1 commit into
masterfrom
feat/authn-response-session-index
Jul 2, 2026
Merged

feat: expose sessionIndex on AuthnResponse#3
william-suppo merged 1 commit into
masterfrom
feat/authn-response-session-index

Conversation

@william-suppo

Copy link
Copy Markdown
Contributor

Summary

  • Exposes SessionIndex (from the assertion's AuthnStatement) on the high-level AuthnResponse, so it no longer needs to be read from the low-level assertion manually.
  • ServiceProviderWrapper::handleAuthnResponse() now extracts it from both plain and encrypted assertions.
  • Adds a test + fixture covering the new field, plus a assertNull check for responses without an AuthnStatement.

Closes #2

The SessionIndex from the AuthnStatement is needed to send a
LogoutRequest but wasn't exposed on the high-level AuthnResponse,
forcing consumers to read the low-level assertion manually.

Closes #2
@william-suppo william-suppo merged commit 26ae345 into master Jul 2, 2026
3 checks passed
@william-suppo william-suppo deleted the feat/authn-response-session-index branch July 2, 2026 12:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

SessionIndex from original AuthnResponse is needed for logout but not exposed

1 participant